Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SYSTEM ACTING WEIRD - RANDOM CLOSES AND SLOW STARTUP [Closed]


  • This topic is locked This topic is locked

#1
Pawanhammers

Pawanhammers

    Member

  • Member
  • PipPipPip
  • 248 posts

Hi recently my laptop has been acting weird

 

- im on windows 8.1

- i do not download viruses and my windows defender does not detect any viruses

- chrome randomly closes sometimes

- sometimes, random add-ons are added to chrome which modify websites

- the startup is SO slow. takes about 3 minutes for chrome to open. after that its faster.

 

i have attached the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by pawan98 (administrator) on PAWAN-LAP on 19-07-2015 01:12:21
Running from C:\Users\pawan98\Desktop
Loaded Profiles: pawan98 (Available Profiles: pawan98 & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Filthy Brother\Filthy Brother.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Users\pawan98\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Super PC Tools Ltd) C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}\1AB16RN52.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-16] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-09-09] (Entertainment Experience)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-12] (The Eraser Project)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\Run: [uTorrent] => C:\Users\pawan98\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-07-16] (BitTorrent Inc.)
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\Run: [Google Update] => C:\Users\pawan98\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-17] (Google Inc.)
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\Run: [MusicManager] => C:\Users\pawan98\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
Startup: C:\Users\pawan98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AB16RN52.lnk [2015-02-28]
ShortcutTarget: 1AB16RN52.lnk -> C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}\1AB16RN52.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....Box&FORM=IESR02
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1189719033-285723195-1319920632-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1189719033-285723195-1319920632-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-1189719033-285723195-1319920632-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1189719033-285723195-1319920632-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{C8BCBC25-BC65-4779-B182-0643075D10A7}: [DhcpNameServer] 192.168.5.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1189719033-285723195-1319920632-1001: @tools.google.com/Google Update;version=3 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1189719033-285723195-1319920632-1001: @tools.google.com/Google Update;version=9 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-13]
CHR Extension: (Google Docs) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]
CHR Extension: (Google Drive) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (YouTube) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Adblock Plus) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-11]
CHR Extension: (Google Search) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (Hola Better Internet) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-21]
CHR Extension: (appssave) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihdcklglidelcaopedcfpgbnpdnjclco [2015-06-18]
CHR Extension: (Google Wallet) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Gmail) - C:\Users\pawan98\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]
CHR HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\pawan98\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-14]
CHR HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 Filthy Brother; C:\Program Files (x86)\Filthy Brother\Filthy Brother.exe [8016046 2015-07-07] () [File not signed] <==== ATTENTION
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [101840 2014-09-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FNETTHJM; C:\Windows\SysWOW64\drivers\fnetthjm.sys [24448 2014-12-16] (FNet Co., Ltd.) [File not signed]
S3 FNETTHJM_152D; C:\Windows\SysWOW64\drivers\fnetthjm_152D.sys [24448 2014-12-16] (FNet Co., Ltd.) [File not signed]
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-10-03] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [128504 2013-10-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3488744 2014-07-29] (Intel Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-04-09] (Synaptics Incorporated)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-19 01:12 - 2015-07-19 01:12 - 00024798 _____ C:\Users\pawan98\Desktop\FRST.txt
2015-07-19 01:12 - 2015-07-19 01:12 - 00000000 ____D C:\FRST
2015-07-19 01:11 - 2015-07-19 01:11 - 02134528 _____ (Farbar) C:\Users\pawan98\Desktop\FRST64.exe
2015-07-19 01:06 - 2015-07-19 01:09 - 00000000 ____D C:\ProgramData\jjhkaldbpopfmacbippfcdogcgeojlhn
2015-07-19 01:06 - 2015-07-19 01:07 - 00000000 ____D C:\Program Files (x86)\offerideual
2015-07-18 05:06 - 2015-07-19 01:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-18 04:59 - 2015-07-18 05:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-18 04:59 - 2015-07-18 04:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-18 04:49 - 2015-06-29 23:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-18 04:49 - 2015-06-29 16:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-18 04:49 - 2015-06-29 16:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-18 04:49 - 2015-06-29 16:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-18 04:49 - 2015-06-29 16:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-18 04:49 - 2015-06-29 16:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-18 04:49 - 2015-06-27 00:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-18 04:49 - 2015-06-27 00:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-18 04:49 - 2015-05-11 17:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-18 04:49 - 2015-05-07 16:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-18 04:49 - 2015-05-07 16:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-18 04:48 - 2015-05-03 16:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-18 04:48 - 2015-05-03 15:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-18 04:48 - 2015-05-02 00:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-18 03:20 - 2015-07-07 15:57 - 00010752 _____ (UG North) C:\Windows\system32\Hibiki.dll
2015-07-18 03:06 - 2015-07-18 03:06 - 00027330 _____ C:\Windows\PFRO.log
2015-07-18 03:06 - 2015-07-18 03:06 - 00000116 _____ C:\Windows\setupact.log
2015-07-18 03:06 - 2015-07-18 03:06 - 00000000 _____ C:\Windows\setuperr.log
2015-07-16 17:46 - 2015-07-16 17:46 - 00017066 _____ C:\Users\pawan98\Downloads\mr.robot.eps.1.4_3xpl0its.wmv.(2015).eng.1cd.(6237491).zip
2015-07-15 04:15 - 2015-07-09 20:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 04:15 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 04:15 - 2015-07-09 17:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 04:15 - 2015-07-09 16:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 04:15 - 2015-07-09 16:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 04:15 - 2015-07-09 16:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 04:15 - 2015-07-09 16:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 04:15 - 2015-07-09 16:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 04:15 - 2015-07-09 16:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 04:15 - 2015-07-09 16:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 04:15 - 2015-07-09 16:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 04:15 - 2015-07-09 16:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 04:15 - 2015-07-09 16:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 04:15 - 2015-07-03 14:52 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 04:15 - 2015-07-03 14:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 04:15 - 2015-07-03 14:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 04:15 - 2015-07-03 14:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 04:15 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:15 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 04:15 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:15 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:15 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:15 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 04:15 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 04:15 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:15 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:15 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:15 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 04:15 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 04:15 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 04:15 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 04:15 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:15 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:15 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 04:15 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 04:15 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:15 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:15 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:15 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 04:15 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 04:15 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:15 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 04:15 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 04:15 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 04:15 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 04:14 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 04:14 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 04:14 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:14 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:14 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 04:14 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 04:14 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:14 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:13 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:13 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 04:13 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:13 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:13 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:13 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:13 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 04:13 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:13 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:13 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 04:13 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:13 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 04:13 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 04:13 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:13 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:13 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 04:13 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:13 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 04:13 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 04:13 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 04:13 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 04:13 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 04:13 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 04:13 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 04:13 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 04:13 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 04:13 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 04:13 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 04:13 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 04:13 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 04:13 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 04:13 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 04:13 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 04:13 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 04:13 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 04:13 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:13 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 04:13 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-14 21:47 - 2015-07-14 21:47 - 00931408 _____ (Google Inc.) C:\Users\pawan98\Downloads\ChromeSetup.exe
2015-07-13 04:56 - 2015-07-13 04:56 - 00021309 _____ C:\Users\pawan98\Downloads\mr.robot.eps.1.2_d3bug.mkv.(2015).eng.1cd.(6228831).zip
2015-07-13 02:06 - 2015-07-13 02:06 - 00186492 _____ C:\Users\pawan98\Downloads\watch (2).htm
2015-07-12 05:27 - 2015-07-12 05:27 - 00022557 _____ C:\Users\pawan98\Downloads\mr.robot.eps1.1_onesandzer0es.mpeg.(2015).eng.1cd.(6221246).zip
2015-07-11 04:40 - 2015-07-11 04:40 - 00029072 _____ C:\Users\pawan98\Downloads\mr.robot.eps1.0_hellofriend.mov.(2015).eng.1cd.(6186379).zip
2015-07-11 03:59 - 2015-07-11 03:59 - 00000434 _____ C:\Users\pawan98\Downloads\url (1).htm
2015-07-08 14:30 - 2015-07-08 14:30 - 08016655 _____ C:\Windows\SysWOW64\1.exe
2015-07-07 15:57 - 2015-07-07 15:57 - 00000000 ____D C:\Program Files (x86)\Filthy Brother
2015-07-07 01:51 - 2015-07-07 01:51 - 00192861 _____ C:\Users\pawan98\Downloads\watch (1).htm
2015-07-06 22:42 - 2015-07-06 22:42 - 00029363 _____ C:\Users\pawan98\Downloads\blood.and.bone.(2009).eng.1cd.(3556915).zip
2015-07-05 01:50 - 2015-07-05 01:50 - 00211886 _____ C:\Users\pawan98\Downloads\watch.htm
2015-07-04 02:40 - 2015-05-21 14:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-03 15:06 - 2015-07-03 15:06 - 00001161 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-07-03 15:06 - 2015-07-03 15:06 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-03 15:06 - 2015-07-03 15:06 - 00000000 ____D C:\Users\pawan98\AppData\Roaming\Canneverbe Limited
2015-07-03 15:06 - 2015-07-03 15:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-07-03 15:06 - 2015-07-03 15:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2015-07-03 15:05 - 2015-07-03 15:05 - 05655320 _____ (Canneverbe Limited ) C:\Users\pawan98\Downloads\cdbxp_setup_4.5.5.5666.exe
2015-07-03 13:40 - 2015-07-03 14:21 - 00001412 _____ C:\Users\pawan98\Desktop\SAINSBURYS PHONE.txt
2015-07-02 15:37 - 2015-07-02 15:37 - 06208933 _____ C:\Users\pawan98\Downloads\Kranium - Lifestyle (Promo Single).zip
2015-07-02 02:25 - 2015-07-02 02:25 - 00145005 _____ C:\Users\pawan98\Downloads\page3.htm
2015-06-22 16:29 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-22 16:29 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-22 16:29 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-06-22 16:29 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-06-22 16:29 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-06-22 16:29 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-06-22 16:29 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-22 16:29 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-22 16:29 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-22 16:29 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-22 16:29 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-06-22 16:29 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-06-22 16:29 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-06-22 16:29 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-06-22 16:29 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-06-22 16:29 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-06-22 16:29 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-22 16:29 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-22 16:29 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-22 16:29 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-06-22 16:29 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-22 16:29 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-06-22 16:29 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-06-22 16:29 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-06-22 16:28 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-22 16:28 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-22 16:28 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-06-22 16:28 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-06-22 16:28 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-06-22 16:28 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-06-22 16:27 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-06-22 16:27 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-06-22 16:27 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-06-22 16:27 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-06-22 16:27 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-06-22 16:27 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-06-22 16:26 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-22 16:26 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-22 16:26 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-22 16:26 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-06-22 16:26 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-06-22 16:26 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-22 16:26 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-22 16:26 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-06-22 16:25 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-22 16:25 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-22 16:25 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-22 16:25 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-22 16:25 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-06-22 16:25 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-06-22 16:25 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-06-22 16:25 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-06-22 16:25 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-06-22 16:25 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-06-22 16:25 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-06-22 16:25 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-06-22 16:25 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-06-22 16:25 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 16:25 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 16:25 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-06-22 16:25 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-06-22 16:25 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-06-22 16:25 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-06-22 16:24 - 2015-04-16 07:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-22 16:24 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-22 16:24 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-22 16:24 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-22 16:24 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-22 16:24 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-22 16:24 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-22 16:24 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-22 16:24 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-22 16:24 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-22 16:24 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-22 16:24 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-22 16:24 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-22 16:24 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-22 16:24 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-06-22 16:24 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-06-22 16:24 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-22 16:24 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-22 16:24 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-06-22 16:24 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-06-22 16:24 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-06-22 16:24 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-06-22 16:24 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-06-22 16:24 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-06-22 16:24 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-06-22 16:24 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-06-22 16:23 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-22 16:23 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-22 16:23 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-06-22 16:23 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-06-22 16:23 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-06-22 16:23 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-06-22 16:23 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-06-22 15:50 - 2015-06-22 15:50 - 00004036 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-22 15:50 - 2015-06-22 15:50 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-22 15:50 - 2015-06-22 15:50 - 00003224 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-22 15:49 - 2015-06-22 15:49 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-22 15:49 - 2015-06-22 15:49 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-20 16:20 - 2015-06-20 16:20 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-06-20 16:20 - 2015-06-20 16:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-06-20 15:15 - 2015-07-19 01:06 - 01551328 _____ C:\Windows\WindowsUpdate.log
2015-06-19 22:39 - 2015-06-19 22:39 - 01048576 _____ C:\Users\pawan98\Downloads\TP_PROG.dbs
2015-06-19 21:46 - 2015-06-19 21:46 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-06-19 21:46 - 2015-06-19 21:46 - 00000000 ____D C:\Windows\en
2015-06-19 21:45 - 2015-06-19 21:45 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-06-19 21:45 - 2015-06-19 21:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-06-19 21:45 - 2015-06-19 21:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-19 21:44 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-06-19 21:44 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-06-19 21:44 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-06-19 21:44 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-06-19 21:44 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-06-19 21:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-06-19 21:44 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-06-19 21:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-06-19 21:44 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-06-19 21:44 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-06-19 21:44 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-06-19 21:44 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-06-19 21:42 - 2015-06-19 21:46 - 00000000 ____D C:\Users\pawan98\AppData\Local\Windows Live
2015-06-19 21:42 - 2015-06-19 21:42 - 01239752 _____ (Microsoft Corporation) C:\Users\pawan98\Downloads\wlsetup-web.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-19 01:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-19 01:07 - 2015-06-18 22:27 - 00000024 _____ C:\Users\pawan98\AppData\Roaming\appdataFr25.bin
2015-07-19 00:59 - 2014-12-03 19:06 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1189719033-285723195-1319920632-1001
2015-07-19 00:54 - 2014-12-17 01:46 - 00000000 ___RD C:\Users\pawan98\Google Drive
2015-07-19 00:54 - 2014-12-03 19:12 - 00002060 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-19 00:54 - 2014-12-03 19:12 - 00002058 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-19 00:54 - 2014-12-03 19:12 - 00002048 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-19 00:54 - 2014-12-03 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-18 21:26 - 2014-12-06 21:38 - 00000000 ____D C:\Users\pawan98\AppData\Roaming\vlc
2015-07-18 21:18 - 2014-12-17 02:57 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001UA.job
2015-07-18 21:10 - 2014-12-03 19:02 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D1075B80-BEC0-41D0-9F7A-372C23914060}
2015-07-18 05:07 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-18 05:06 - 2015-02-23 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-18 05:05 - 2014-12-11 04:15 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-18 05:05 - 2014-12-09 12:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-18 05:04 - 2014-12-06 19:19 - 00000000 ____D C:\Users\pawan98\AppData\Roaming\uTorrent
2015-07-18 05:01 - 2014-12-07 05:13 - 00000000 ____D C:\Windows\system32\MRT
2015-07-18 04:45 - 2014-12-03 19:10 - 00000000 ____D C:\Users\pawan98\AppData\Local\Adobe
2015-07-18 04:40 - 2014-12-03 20:27 - 00000000 ____D C:\Users\pawan98\AppData\Roaming\Skype
2015-07-18 03:20 - 2015-02-28 18:27 - 00000000 ____D C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}
2015-07-18 03:18 - 2014-11-03 17:51 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-18 03:17 - 2015-06-15 19:10 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-18 03:14 - 2014-03-18 10:53 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-18 03:06 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-18 03:06 - 2013-08-22 15:44 - 00482944 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 05:04 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-17 05:02 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-17 02:20 - 2015-06-18 20:20 - 00000346 _____ C:\Windows\Tasks\EasyBoost.job
2015-07-16 05:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-16 02:01 - 2014-12-03 18:56 - 00000000 ____D C:\Users\pawan98\AppData\Local\Packages
2015-07-16 01:18 - 2014-12-17 02:57 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001Core.job
2015-07-16 01:13 - 2014-12-17 02:57 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001UA
2015-07-16 01:13 - 2014-12-17 02:57 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001Core
2015-07-14 21:48 - 2014-12-03 19:09 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-13 22:10 - 2015-04-22 18:19 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2015-04-22 18:19 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 16:08 - 2014-12-03 19:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-13 16:08 - 2014-12-03 19:12 - 00000000 ____D C:\ProgramData\Skype
2015-07-06 17:28 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-07-06 15:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-05 11:08 - 2014-12-14 05:01 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 16:43 - 2015-06-18 20:21 - 00000000 ____D C:\Program Files (x86)\appssave
2015-07-03 08:43 - 2014-12-07 05:13 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-29 01:36 - 2014-12-17 02:12 - 00000000 ____D C:\Users\pawan98\AppData\Roaming\Mp3tag
2015-06-22 15:49 - 2014-11-03 17:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-22 15:48 - 2014-11-03 17:50 - 00000000 ____D C:\ProgramData\PCDr
2015-06-21 22:02 - 2014-12-03 19:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-21 22:02 - 2014-12-03 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-20 16:40 - 2015-02-23 09:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-20 16:33 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2015-06-20 15:53 - 2014-12-03 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-20 02:20 - 2015-06-18 20:20 - 00000000 ____D C:\ProgramData\{5b7196da-a939-9658-5b71-196daa935b6a}
2015-06-19 22:41 - 2015-04-03 16:31 - 00000000 ____D C:\Users\pawan98\AppData\Roaming\U3
 
==================== Files in the root of some directories =======
 
2015-06-18 22:27 - 2015-07-19 01:07 - 0000024 _____ () C:\Users\pawan98\AppData\Roaming\appdataFr25.bin
2015-03-13 00:19 - 2015-03-13 00:19 - 0000000 _____ () C:\Users\pawan98\AppData\Local\{C2519451-8442-4D36-8CD6-B2009A8F3929}
2014-11-03 17:35 - 2014-11-03 17:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\pawan98\AppData\Local\Temp\591D.exe
C:\Users\pawan98\AppData\Local\Temp\5D.exe
C:\Users\pawan98\AppData\Local\Temp\84B1.exe
C:\Users\pawan98\AppData\Local\Temp\BB17.exe
C:\Users\pawan98\AppData\Local\Temp\E80F.exe
C:\Users\pawan98\AppData\Local\Temp\Hibiki.dll
C:\Users\pawan98\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 16:39
 
==================== End of log ============================
 
ADDITION.TXT
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by pawan98 at 2015-07-19 01:13:27
Running from C:\Users\pawan98\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1189719033-285723195-1319920632-500 - Administrator - Disabled)
Guest (S-1-5-21-1189719033-285723195-1319920632-501 - Limited - Disabled) => C:\Users\Guest
pawan98 (S-1-5-21-1189719033-285723195-1319920632-1001 - Administrator - Enabled) => C:\Users\pawan98
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{161E08DE-252C-5567-ECEB-52D173E88224}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
appssave (HKLM-x32\...\{1E38F0E0-5499-CDAF-F946-BA3D053AABC2}) (Version:  - )
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Cisco Packet Tracer 6.1 Student (HKLM-x32\...\Cisco Packet Tracer 6.1 Student_is1) (Version:  - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{90B2EE35-59D0-4A1F-B125-9F678D46A955}) (Version: 2.1.125.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.9 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{E3CECF25-A529-415E-8F9A-D53C40E5E94C}) (Version: 1.3.9000.0 - Dell Inc.)
EaseUS Data Recovery Wizard 8.5 (HKLM\...\EaseUS Data Recovery Wizard 8.5_is1) (Version:  - EaseUS)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Eraser 6.2.0.2962 (HKLM\...\{C6E287F1-2E47-45F0-BB51-94F815CFFB48}) (Version: 6.2.2962 - The Eraser Project)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Google Chrome (HKLM-x32\...\{DDCA236C-A28B-3979-8855-B7475BCAD806}) (Version: 66.30.49223 - Google, Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{694000a5-c594-49d2-b6e4-ef3960120b0f}) (Version: 17.1.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
Music Manager (HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\MusicManager) (Version:  - Google, Inc.)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
offerideual (HKLM-x32\...\{BC799F5F-37C9-ACBB-BE51-805992C10610}) (Version:  - ) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Torres Box Tuning Calculator version 1.1 (HKLM-x32\...\{D9B30331-BBF9-4CC7-940A-D735A324E100}_is1) (Version: 1.1 - Chris Torres)
True Color (HKLM-x32\...\{9ece0e50-5966-4a25-a5ef-c93d1e209b04}) (Version: 5.0.0.1 - Entertainment Experience)
True Color (Version: 5.0.0.1 - Entertainment Experience LLC) Hidden
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
24-06-2015 01:45:38 Windows Update
27-06-2015 19:38:17 Windows Update
01-07-2015 21:15:37 Windows Update
05-07-2015 01:52:27 Windows Update
10-07-2015 03:32:44 Windows Update
13-07-2015 04:38:50 Windows Update
17-07-2015 04:57:08 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1683CEC8-B370-40BA-AC26-AF1A28E80164} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2747A1F6-4455-4FBF-9AB4-957FC02BA876} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {2D5EE8B1-C304-460D-8244-F79A59ACFCB6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001Core => C:\Users\pawan98\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {36702350-F0BD-4181-9D58-AE6CA22F51A9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-09] (Synaptics Incorporated)
Task: {38A55294-9BFC-4CC1-8847-76CC41117E65} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1189719033-285723195-1319920632-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {4132BB3A-94C6-4BAA-A115-9EC486B2CAD1} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {46F3BC35-03CB-4977-99C9-EF31F5C654BE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {544C89C3-F451-4DD2-A265-ACCDF4012F16} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {71DA83CF-DFEB-4CF8-9A44-70B37AB4ACDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7951B951-6896-4A4B-B4DA-9C01EAEAAF29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001UA => C:\Users\pawan98\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {88FEFD67-52D8-4DA4-A248-72070BB38630} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-23] ()
Task: {91BF8994-D50E-4BB2-9021-8D6CD06F3807} - System32\Tasks\EasyBoost => c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}\d449.exe [2014-06-18] () <==== ATTENTION
Task: {9D93C758-0F2D-477F-A48F-F8F7C3445916} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {ADC4718E-50B4-4126-B8F5-7151D216B194} - System32\Tasks\AdobeAAMUpdater-1.0-Pawan-Lap-pawan98 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {B10A4ADF-83DE-4042-94E8-CCC1BD5D9BA9} - System32\Tasks\{848A90AB-3696-46A9-897A-6D0C9E68BD7B} => pcalua.exe -a "C:\Users\pawan98\AppData\Roaming\WTools\Selection Tools\Selection Tools Uninstall.exe" -c /cpanel=1
Task: {BF32C058-2CF0-4E41-A7F6-7E05B8508CD7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {D4530C29-1CFF-4350-9FED-B6705207BE3A} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {E41C4596-C3DB-499B-AAE3-0CFC7D9A423B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {E44ABBEE-D79C-482F-BBDD-3AA3DA5FF96B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E5E82E27-5F13-43B8-9CF3-A7AB8887F2E7} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {E8174276-5ADA-42F5-B9CE-32A100D1436B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\EasyBoost.job => c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}\d449.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001Core.job => C:\Users\pawan98\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1189719033-285723195-1319920632-1001UA.job => C:\Users\pawan98\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-24 15:05 - 2013-12-24 15:05 - 00466944 _____ () C:\Windows\system32\DPPPlugin.dll
2014-09-03 13:31 - 2014-09-03 13:31 - 00034304 _____ () C:\Windows\System32\ssy3clm.dll
2015-07-07 15:57 - 2015-07-07 15:57 - 08016046 _____ () C:\Program Files (x86)\Filthy Brother\Filthy Brother.exe
2014-09-21 11:46 - 2014-09-21 11:46 - 00101840 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2014-11-01 18:57 - 2014-03-07 17:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-01-10 23:53 - 2014-01-10 23:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 23:53 - 2014-01-10 23:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 23:53 - 2014-01-10 23:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-11 00:24 - 2014-01-11 00:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-11 00:24 - 2014-01-11 00:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-03 17:52 - 2014-07-03 06:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-06-22 15:49 - 2015-05-20 02:26 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-06-22 15:49 - 2015-05-20 02:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-19 01:05 - 2015-07-19 01:05 - 00140800 _____ () c:\windows\temp\tmpzbcdsr.dll
2015-05-29 21:04 - 2015-05-29 21:04 - 00117248 _____ () C:\Users\pawan98\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-05-29 21:04 - 2015-05-29 21:04 - 00234496 _____ () C:\Users\pawan98\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-05-29 21:04 - 2015-05-29 21:04 - 00253440 _____ () C:\Users\pawan98\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-05-29 21:04 - 2015-05-29 21:04 - 00344064 _____ () C:\Users\pawan98\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-11-03 17:42 - 2013-12-18 18:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-03 17:52 - 2014-07-31 02:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-11-03 17:52 - 2012-11-26 08:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-11-03 17:51 - 2012-11-26 08:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-07-19 00:54 - 2015-07-19 00:54 - 00098816 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32api.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00110080 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\pywintypes27.dll
2015-07-19 00:54 - 2015-07-19 00:54 - 00364544 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\pythoncom27.dll
2015-07-19 00:54 - 2015-07-19 00:54 - 00045568 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_socket.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 01161216 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_ssl.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00320512 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32com.shell.shell.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00713216 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_hashlib.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 01175040 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._core_.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00805888 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._gdi_.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00811008 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._windows_.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 01062400 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._controls_.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00735232 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._misc_.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00682496 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\pysqlite2._sqlite.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00087552 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_ctypes.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00119808 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32file.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00108544 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32security.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00007168 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\hashobjs_ext.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00068096 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\usb_ext.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00167936 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32gui.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00018432 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32event.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00128512 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_elementtree.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00127488 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\pyexpat.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00013824 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\common.time34.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00036864 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_psutil_windows.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00038912 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32inet.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00011264 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32crypt.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00070656 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._html2.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00027136 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_multiprocessing.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00020480 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\_yappi.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00035840 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32process.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00686080 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\unicodedata.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00122368 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._wizard.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00024064 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32pipe.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00010240 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\select.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00025600 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32pdh.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00525640 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\windows._lib_cacheinvalidation.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00017408 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32profile.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00022528 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\win32ts.pyd
2015-07-19 00:54 - 2015-07-19 00:54 - 00078336 _____ () C:\Users\pawan98\AppData\Local\Temp\_MEI3962\wx._animate.pyd
2015-07-14 21:48 - 2015-07-13 22:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 21:48 - 2015-07-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1189719033-285723195-1319920632-1001\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pawan98\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.5.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B7B3F967-4508-4D51-A758-538D0E93E592}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D981D931-79D0-4535-9985-BF6BFF84DB28}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0814D19A-5A50-421F-B952-66FE85D95030}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{337709D8-79E1-4CAF-9BBD-5E7B23BFA958}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6284401-F189-458D-B09B-C278ACB513B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF1A1656-EE33-490E-8F96-11EE9B2080F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7470CD12-0D3C-40E7-B8E5-F93B4447696D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38A3150E-2FE3-4823-9D91-D9D491149468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66E6F6CF-1E1A-4111-953D-927277B2FDE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93F04929-F1FE-4372-AFDE-5806F78E5EAB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DC7EF3C5-C6D3-4C1D-870F-BA866003B040}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{4F2951CD-6B30-43D5-9241-CE2BD316983A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3F91121D-9039-457A-80B5-D1D34B9FBF17}] => (Allow) C:\Users\pawan98\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{00D01B45-F7DD-4D23-A4C2-C8C0E6D93165}] => (Allow) C:\Users\pawan98\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C55B5CE9-D513-4036-9789-2398D9343C9F}] => (Allow) C:\Users\pawan98\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{044F485C-8D6E-4409-805C-CFD987B4C1E0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F2FB7A56-D08C-4A47-A967-4CFB9D096144}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{357CEF99-248C-4E0F-914C-54C1A929CD4D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{58A90727-1427-4D75-95FF-F7474E433519}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{771E61CF-05B1-4446-9E1F-BA06E28F4609}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2CBC6272-8BC1-48B9-82D5-3903A5C59BC6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EB5141DF-90AB-44D6-B093-C659AABE2174}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C563AED9-B0C6-43A6-9999-DE1EA9D24CDC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{EB9F92A4-B661-4799-9E71-39AC81EB716A}C:\users\pawan98\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\pawan98\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C18E4526-476F-4736-BD5D-EA1CB7996FC2}C:\users\pawan98\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\pawan98\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6346AE2D-C9BE-483D-AE85-44B07314AEFB}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{C34EFF07-C826-4852-96C4-70E72E6B6591}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [{E38CA1F5-9528-4B5C-B557-F771F148A55A}] => (Block) C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [{2B535613-BBB3-4D09-AA69-5395BE331A86}] => (Block) C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [{56B4BDCC-19C4-4A75-A6FB-C8E9248B81B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EA958EF0-1BC7-41BB-9471-3D76B8E3422D}] => (Allow) LPort=2869
FirewallRules: [{3F73B46D-8793-452E-A3B4-CC0EFEE90B68}] => (Allow) LPort=1900
FirewallRules: [{6F9743DA-2043-4DDD-8554-F576D45C31A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/19/2015 01:14:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8527872 (0x0000000000822000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [20a01e350460c372] and the computed checksum was [000008210002b40b].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:14:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8593408 (0x0000000000832000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [11f111f136fb45ba] and the computed checksum was [11f111f136fb4a42].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:13:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8527872 (0x0000000000822000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [20a01e350460c372] and the computed checksum was [000008210002b40b].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:13:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8593408 (0x0000000000832000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [11f111f136fb45ba] and the computed checksum was [11f111f136fb4a42].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:12:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8527872 (0x0000000000822000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [20a01e350460c372] and the computed checksum was [000008210002b40b].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:12:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8593408 (0x0000000000832000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [11f111f136fb45ba] and the computed checksum was [11f111f136fb4a42].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:11:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8527872 (0x0000000000822000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [20a01e350460c372] and the computed checksum was [000008210002b40b].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:11:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8593408 (0x0000000000832000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [11f111f136fb45ba] and the computed checksum was [11f111f136fb4a42].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:10:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8527872 (0x0000000000822000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [20a01e350460c372] and the computed checksum was [000008210002b40b].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (07/19/2015 01:10:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1476) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 8593408 (0x0000000000832000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [11f111f136fb45ba] and the computed checksum was [11f111f136fb4a42].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
System errors:
=============
Error: (07/18/2015 09:07:16 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/18/2015 05:07:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition.
 
Error: (07/18/2015 05:01:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Lync 2013 (KB2881013) 64-Bit Edition.
 
Error: (07/17/2015 04:59:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition.
 
Error: (07/17/2015 04:58:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Lync 2013 (KB2881013) 64-Bit Edition.
 
Error: (07/17/2015 03:56:29 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/16/2015 02:23:57 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/16/2015 12:13:05 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/15/2015 02:52:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Lync 2013 (KB2881013) 64-Bit Edition.
 
Error: (07/14/2015 09:20:43 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
Microsoft Office:
=========================
Error: (07/19/2015 01:14:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8527872 (0x0000000000822000)4096 (0x00001000)-1018 (0xfffffc06)[20a01e350460c372][000008210002b40b]2081 (0x821)
 
Error: (07/19/2015 01:14:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8593408 (0x0000000000832000)4096 (0x00001000)-1018 (0xfffffc06)[11f111f136fb45ba][11f111f136fb4a42]2097 (0x831)
 
Error: (07/19/2015 01:13:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8527872 (0x0000000000822000)4096 (0x00001000)-1018 (0xfffffc06)[20a01e350460c372][000008210002b40b]2081 (0x821)
 
Error: (07/19/2015 01:13:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8593408 (0x0000000000832000)4096 (0x00001000)-1018 (0xfffffc06)[11f111f136fb45ba][11f111f136fb4a42]2097 (0x831)
 
Error: (07/19/2015 01:12:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8527872 (0x0000000000822000)4096 (0x00001000)-1018 (0xfffffc06)[20a01e350460c372][000008210002b40b]2081 (0x821)
 
Error: (07/19/2015 01:12:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8593408 (0x0000000000832000)4096 (0x00001000)-1018 (0xfffffc06)[11f111f136fb45ba][11f111f136fb4a42]2097 (0x831)
 
Error: (07/19/2015 01:11:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8527872 (0x0000000000822000)4096 (0x00001000)-1018 (0xfffffc06)[20a01e350460c372][000008210002b40b]2081 (0x821)
 
Error: (07/19/2015 01:11:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8593408 (0x0000000000832000)4096 (0x00001000)-1018 (0xfffffc06)[11f111f136fb45ba][11f111f136fb4a42]2097 (0x831)
 
Error: (07/19/2015 01:10:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8527872 (0x0000000000822000)4096 (0x00001000)-1018 (0xfffffc06)[20a01e350460c372][000008210002b40b]2081 (0x821)
 
Error: (07/19/2015 01:10:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost1476SRUJet: C:\Windows\system32\SRU\SRUDB.dat8593408 (0x0000000000832000)4096 (0x00001000)-1018 (0xfffffc06)[11f111f136fb45ba][11f111f136fb4a42]2097 (0x831)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-07 02:11:29.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:29.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:28.834
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:28.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:28.558
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:28.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:28.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:28.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:27.957
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-07 02:11:27.832
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 38%
Total physical RAM: 8072.96 MB
Available physical RAM: 4979.29 MB
Total Virtual: 9352.96 MB
Available Virtual: 5824.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.81 GB) (Free:604.16 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.32 GB) (Free:0.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7DD6DA26)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 
thanks

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there let me know if this makes a difference

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome via control panel .
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\Users\pawan98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AB16RN52.lnk [2015-02-28]
ShortcutTarget: 1AB16RN52.lnk -> C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}\1AB16RN52.exe (Super PC Tools Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
2015-07-19 01:06 - 2015-07-19 01:09 - 00000000 ____D C:\ProgramData\jjhkaldbpopfmacbippfcdogcgeojlhn
2015-07-19 01:06 - 2015-07-19 01:07 - 00000000 ____D C:\Program Files (x86)\offerideual
2015-07-08 14:30 - 2015-07-08 14:30 - 08016655 _____ C:\Windows\SysWOW64\1.exe
2015-07-18 03:20 - 2015-02-28 18:27 - 00000000 ____D C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}
2015-07-17 02:20 - 2015-06-18 20:20 - 00000346 _____ C:\Windows\Tasks\EasyBoost.job
2015-07-03 16:43 - 2015-06-18 20:21 - 00000000 ____D C:\Program Files (x86)\appssave
2015-06-20 02:20 - 2015-06-18 20:20 - 00000000 ____D C:\ProgramData\{5b7196da-a939-9658-5b71-196daa935b6a}
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {91BF8994-D50E-4BB2-9021-8D6CD06F3807} - System32\Tasks\EasyBoost => c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}\d449.exe [2014-06-18] () <==== ATTENTION
Task: {D4530C29-1CFF-4350-9FED-B6705207BE3A} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\EasyBoost.job => c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}\d449.exe <==== ATTENTION
C:\Users\pawan98\AppData\Local\Temp\_MEI3962
C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}
c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY
  • 0

#3
Pawanhammers

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts

Hi Essexboy and thanks for replying.

 

An hour after I made this thread I removed an extension on chrome which stopped the random closes. No problem regarding chrome persisted, however I did what you said in regards to re-installing and still no problems with google chrome and runs smoothly. 

 

I ran the fix, and here is the log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015

Ran by pawan98 at 2015-07-21 04:14:24 Run:1
Running from C:\Users\pawan98\Desktop
Loaded Profiles: pawan98 (Available Profiles: pawan98 & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Startup: C:\Users\pawan98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AB16RN52.lnk [2015-02-28]
ShortcutTarget: 1AB16RN52.lnk -> C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}\1AB16RN52.exe (Super PC Tools Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
2015-07-19 01:06 - 2015-07-19 01:09 - 00000000 ____D C:\ProgramData\jjhkaldbpopfmacbippfcdogcgeojlhn
2015-07-19 01:06 - 2015-07-19 01:07 - 00000000 ____D C:\Program Files (x86)\offerideual
2015-07-08 14:30 - 2015-07-08 14:30 - 08016655 _____ C:\Windows\SysWOW64\1.exe
2015-07-18 03:20 - 2015-02-28 18:27 - 00000000 ____D C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}
2015-07-17 02:20 - 2015-06-18 20:20 - 00000346 _____ C:\Windows\Tasks\EasyBoost.job
2015-07-03 16:43 - 2015-06-18 20:21 - 00000000 ____D C:\Program Files (x86)\appssave
2015-06-20 02:20 - 2015-06-18 20:20 - 00000000 ____D C:\ProgramData\{5b7196da-a939-9658-5b71-196daa935b6a}
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\pawan98\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {91BF8994-D50E-4BB2-9021-8D6CD06F3807} - System32\Tasks\EasyBoost => c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}\d449.exe [2014-06-18] () <==== ATTENTION
Task: {D4530C29-1CFF-4350-9FED-B6705207BE3A} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\EasyBoost.job => c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}\d449.exe <==== ATTENTION
C:\Users\pawan98\AppData\Local\Temp\_MEI3962
C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}
c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Users\pawan98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AB16RN52.lnk => moved successfully.
C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}\1AB16RN52.exe => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Policies\Google" => key removed successfully
OATool => Service removed successfully
C:\ProgramData\jjhkaldbpopfmacbippfcdogcgeojlhn => moved successfully.
"C:\Program Files (x86)\offerideual" => File/Folder not found.
C:\Windows\SysWOW64\1.exe => moved successfully.
 
"C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}" folder move:
 
Could not move "C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}" folder => Scheduled to move on reboot.
 
C:\Windows\Tasks\EasyBoost.job => moved successfully.
"C:\Program Files (x86)\appssave" => File/Folder not found.
C:\ProgramData\{5b7196da-a939-9658-5b71-196daa935b6a} => moved successfully.
"HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1189719033-285723195-1319920632-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91BF8994-D50E-4BB2-9021-8D6CD06F3807}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91BF8994-D50E-4BB2-9021-8D6CD06F3807}" => key removed successfully
C:\Windows\System32\Tasks\EasyBoost => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyBoost" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4530C29-1CFF-4350-9FED-B6705207BE3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4530C29-1CFF-4350-9FED-B6705207BE3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => key removed successfully
C:\Windows\Tasks\EasyBoost.job not found.
"C:\Users\pawan98\AppData\Local\Temp\_MEI3962" => File/Folder not found.
 
"C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}" folder move:
 
Could not move "C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717}" folder => Scheduled to move on reboot.
 
"c:\programdata\{5b7196da-a939-9658-5b71-196daa935b6a}" => File/Folder not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1189719033-285723195-1319920632-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {4D8039DB-D185-4717-9300-0D5B9B59057F}.
Unable to cancel {CE86D7FA-EB06-4633-9C1D-7DEEC7887487}.
Unable to cancel {0E3E09F5-B6BD-4DA6-BBAB-89DD0FE1ADEC}.
Unable to cancel {271E6444-0129-4387-9715-9D4F2120CD2C}.
{942B7550-282E-496F-A791-EDB1AAD6D627} canceled.
{82E104C2-4C71-40FC-A273-8AFF79D08025} canceled.
{8D86E81A-6CFE-47D8-A49F-B734118E1FFE} canceled.
{3410EA40-2F99-4BE2-A8E8-3273D845A993} canceled.
4 out of 8 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 308.8 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-21 04:18:47)<=
 
C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717} => moved successfully
C:\ProgramData\{4ed109c5-ebd1-edc4-4ed1-109c5ebd2717} => Is moved successfully
 
==== End of Fixlog 04:18:51 ====

 

In regards to AdwCleaner, I scanned it, when I pressed clean, in the process randomly this came up on the screen:

 

oig31k.jpg

 

This has never come up before and it was stuck at 100% for about 5 minutes. So I held the power button and force rebooted.

There was a logfile that I found, called AdwCleaner[S0] like you stated even though that happened, here it is:

 

 

# AdwCleaner v4.208 - Logfile created 21/07/2015 at 04:26:59

# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : pawan98 - PAWAN-LAP
# Running from : C:\Users\pawan98\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\eb1f63000000226c
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\pawan98\AppData\Local\globalUpdate
Folder Deleted : C:\Users\pawan98\AppData\Roaming\Store
Folder Deleted : C:\Users\pawan98\AppData\Roaming\WTools
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdcklglidelcaopedcfpgbnpdnjclco
File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Key Deleted : HKLM\SOFTWARE\44d6551d-8ac2-138f-1784-93eebb56f8de
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74CA59B5-0066-48C3-9D1A-84E0C0BB9AD7}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\Clara
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : akjbfncbadcmnkopckegnmjgihagponf
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ihdcklglidelcaopedcfpgbnpdnjclco
 
*************************
 
AdwCleaner[R0].txt - [2795 bytes] - [21/07/2015 04:24:42]
AdwCleaner[S0].txt - [2645 bytes] - [21/07/2015 04:26:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2704  bytes] ##########
 

 

 

 

Everything seems fine apart from that random screen during the Adw scan.

 

Do you have any tips regarding how to speed up the start up? I have had this laptop for barely 8 or 9 months, it has 8gb of ram and i7 processor. The desktop takes atleast 3 minutes to load, and chrome takes another 3 minutes to fully load up. It is appalling for a new laptop.

Also, sometimes my laptop fan spins ALOT when I'm not even using the laptop, most the time from system processes. I use Windows Defender AV.

 

Thanks!


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we can do something about the start but you will need to set aside about an hour for this. Then once done only use the windows defragment programme

Download the SDK web installer from here
Run the installer and select the following:

Leave the location to default
wdk%20location.JPG

Windows Performance Toolkit
Wintoolkitselect.JPG

You must reboot on completion of the install

After reboot set aside about 30 minutes when you will not need the computer

When ready start an elevated command prompt :

Go Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator

Then copy and paste the following command into the black box :

xbootmgr -trace boot -prepSystem -verboseReadyBoot

sdk%20command.JPG

Now your PC will be restarted 6 times. With a two minute pause before the tool runs after the desktop loads
After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster
The last Reboots are training of readyBoot. After the training is finished, you'll notice a huge improvement in startup.

Readyboot
 

The logical prefetching described above is used when the system has less than 512MB of memory. If the system has 700MB or more then an in-RAM cache is used to further optimize the boot process (its not clear from the book whether or not this ReadyBoot cache completely replaces the logical prefetching approach or just builds on it, my assumption is that both work together).
After each boot the system generates a boot caching plan for the next boot using file trace information from up to the five previous boots which contains details of which files were accessed and where on the disk they were located. These traces are stored as .fx files in the


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP